|
|
You're in the
sql server programming
group:IF EXISTS?
sql server programming:
(the DB table named Users has 3 columns - UserID which is an IDENTITY column, UserName varchar(50) & Password varchar(50)): ALTER PROCEDURE dbo.LoginUser @UserName varchar(50), @Password varchar(50) AS DECLARE @ID int IF EXISTS(SELECT UserID = @ID FROM Users WHERE UserName = @UserName AND Password = @Password) BEGIN SET @ID = @ID END ELSE BEGIN SET @ID = 0 END RETURN @ID Now suppose one of the values under UserName & Password columns in the DB table named Users is "simon" & "nomis" respectively (both without the quotes). Assume that the UserID of this user is 6. Now when I execute the following query: EXEC LoginUser 'simon','nomis' then @ID always returns 0 where as it should return 6 in this case. What am I doing wrong?
You can even simplify the process a bit more. (I recommend AGAINST using =
the RETURN value to return DATA to the application. It 'should' be used = as a status indicator, returning success or failure codes.) CREATE PROCEDURE dbo.LoginUser ( @UserName varchar(50), @Password varchar(50) ) AS DECLARE @ID int SELECT @ID =3D isnull( UserID , 0 ) FROM Users=20 WHERE ( UserName =3D @UserName AND Password =3D @Password ) =20 SELECT isnull( @id, 0 ) GO --=20 Arnie Rowland, Ph.D. Westwood Consulting, Inc Most good judgment comes from experience.=20 Most experience comes from bad judgment.=20 - Anonymous [quoted text, click to view] "Tom Cooper" <tomcooper@comcast.no.spam.please.net> wrote in message =
news:nqGdnYZZv_86iovYnZ2dnUVZ_vidnZ2d@comcast.com... > Are you sure it's returning zero. I would think it would return NULL. = You=20 > can't use the query inside and IF EXISTS () to set a vairable in this = way.=20 > And you you don't need to. Just use a select to set @ID and then you = can=20 > test @@ROWCOUNT to see if you found a row. If you didn't, set @ID to = 0,=20 > something like: >=20 > ALTER PROCEDURE dbo.LoginUser > @UserName varchar(50), > @Password varchar(50) > AS > DECLARE > @ID int >=20 > SELECT @ID =3D UserID FROM Users WHERE UserName =3D @UserName > AND Password =3D @Password > IF @@ROWCOUNT =3D 0 > BEGIN > SET @ID =3D 0 > END > RETURN @ID >=20 > "RON" <rn5a@rediffmail.com> wrote in message=20 > news:1159071040.743797.140190@d34g2000cwd.googlegroups.com... >> Consider the following procedure that expects a username & password >> (the DB table named Users has 3 columns - UserID which is an IDENTITY >> column, UserName varchar(50) & Password varchar(50)): >> >> ALTER PROCEDURE dbo.LoginUser >> @UserName varchar(50), >> @Password varchar(50) >> AS >> DECLARE >> @ID int >> >> IF EXISTS(SELECT UserID =3D @ID FROM Users WHERE UserName =3D = @UserName >> AND Password =3D @Password) >> BEGIN >> SET @ID =3D @ID >> END >> ELSE >> BEGIN >> SET @ID =3D 0 >> END >> RETURN @ID >> >> Now suppose one of the values under UserName & Password columns in = the >> DB table named Users is "simon" & "nomis" respectively (both without >> the quotes). Assume that the UserID of this user is 6. Now when I >> execute the following query: >> >> EXEC LoginUser 'simon','nomis' >> >> then @ID always returns 0 where as it should return 6 in this case. >> What am I doing wrong? >>=20 >=20
Are you sure it's returning zero. I would think it would return NULL. You
can't use the query inside and IF EXISTS () to set a vairable in this way. And you you don't need to. Just use a select to set @ID and then you can test @@ROWCOUNT to see if you found a row. If you didn't, set @ID to 0, something like: ALTER PROCEDURE dbo.LoginUser @UserName varchar(50), @Password varchar(50) AS DECLARE @ID int SELECT @ID = UserID FROM Users WHERE UserName = @UserName AND Password = @Password IF @@ROWCOUNT = 0 BEGIN SET @ID = 0 END RETURN @ID [quoted text, click to view] "RON" <rn5a@rediffmail.com> wrote in message news:1159071040.743797.140190@d34g2000cwd.googlegroups.com... > Consider the following procedure that expects a username & password > (the DB table named Users has 3 columns - UserID which is an IDENTITY > column, UserName varchar(50) & Password varchar(50)): > > ALTER PROCEDURE dbo.LoginUser > @UserName varchar(50), > @Password varchar(50) > AS > DECLARE > @ID int > > IF EXISTS(SELECT UserID = @ID FROM Users WHERE UserName = @UserName > AND Password = @Password) > BEGIN > SET @ID = @ID > END > ELSE > BEGIN > SET @ID = 0 > END > RETURN @ID > > Now suppose one of the values under UserName & Password columns in the > DB table named Users is "simon" & "nomis" respectively (both without > the quotes). Assume that the UserID of this user is 6. Now when I > execute the following query: > > EXEC LoginUser 'simon','nomis' > > then @ID always returns 0 where as it should return 6 in this case. > What am I doing wrong? >
Arnie, since you recommend not to use RETURN values, how would I pass
the UserID of the user who has logged in using his UserName & Password, to, say, an ASP.NET page? This is the ASP.NET code: Sub btnSubmit(ByVal obj As Object, ByVal ea As EventArgs) Dim sqlCmd As SqlCommand Dim sqlConn As SqlConnection sqlConn = New SqlConnection(".....") sqlCmd = New SqlCommand("LoginUsers", sqlConn) sqlCmd.CommandType = CommandType.StoredProcedure With sqlCmd .Parameters.Add("@ID", SqlDbType.Int, 4).Direction = ParameterDirection.ReturnValue .Parameters.Add("@UserName", SqlDbType.VarChar, 50).Value = txtUserName.Text .Parameters.Add("@Password", SqlDbType.VarChar, 50).Value = txtPassword.Text End With sqlConn.Open() sqlCmd.ExecuteNonQuery() If (sqlCmd.Parameters(0).Value = 0) Then Response.Write("Invalid User") End If sqlConn.Close() End Sub If a user happens to be a valid user, then the return value will always be greater than 0. Now since you recommend against using RETURN values, how do I modify the stored procedure to use an OUTPUT parameter & then call the stored procedure from the ASP.NET page so that the OUTPUT parameter gives me the UserID of a valid user who has just logged in? Ron [quoted text, click to view] Arnie Rowland wrote:
> You can even simplify the process a bit more. (I recommend AGAINST using the RETURN value to return DATA to the application. It 'should' be used as a status indicator, returning success or failure codes.) > > CREATE PROCEDURE dbo.LoginUser > ( @UserName varchar(50), > @Password varchar(50) > ) > AS > DECLARE @ID int > > SELECT @ID = isnull( UserID , 0 ) > FROM Users > WHERE ( UserName = @UserName > AND Password = @Password > ) > > SELECT isnull( @id, 0 ) > GO > > > > -- > Arnie Rowland, Ph.D. > Westwood Consulting, Inc > > Most good judgment comes from experience. > Most experience comes from bad judgment. > - Anonymous > > > "Tom Cooper" <tomcooper@comcast.no.spam.please.net> wrote in message news:nqGdnYZZv_86iovYnZ2dnUVZ_vidnZ2d@comcast.com... > > Are you sure it's returning zero. I would think it would return NULL. You > > can't use the query inside and IF EXISTS () to set a vairable in this way. > > And you you don't need to. Just use a select to set @ID and then you can > > test @@ROWCOUNT to see if you found a row. If you didn't, set @ID to 0, > > something like: > > > > ALTER PROCEDURE dbo.LoginUser > > @UserName varchar(50), > > @Password varchar(50) > > AS > > DECLARE > > @ID int > > > > SELECT @ID = UserID FROM Users WHERE UserName = @UserName > > AND Password = @Password > > IF @@ROWCOUNT = 0 > > BEGIN > > SET @ID = 0 > > END > > RETURN @ID > > > > "RON" <rn5a@rediffmail.com> wrote in message > > news:1159071040.743797.140190@d34g2000cwd.googlegroups.com... > >> Consider the following procedure that expects a username & password > >> (the DB table named Users has 3 columns - UserID which is an IDENTITY > >> column, UserName varchar(50) & Password varchar(50)): > >> > >> ALTER PROCEDURE dbo.LoginUser > >> @UserName varchar(50), > >> @Password varchar(50) > >> AS > >> DECLARE > >> @ID int > >> > >> IF EXISTS(SELECT UserID = @ID FROM Users WHERE UserName = @UserName > >> AND Password = @Password) > >> BEGIN > >> SET @ID = @ID > >> END > >> ELSE > >> BEGIN > >> SET @ID = 0 > >> END > >> RETURN @ID > >> > >> Now suppose one of the values under UserName & Password columns in the > >> DB table named Users is "simon" & "nomis" respectively (both without > >> the quotes). Assume that the UserID of this user is 6. Now when I > >> execute the following query: > >> > >> EXEC LoginUser 'simon','nomis' > >> > >> then @ID always returns 0 where as it should return 6 in this case. > >> What am I doing wrong? > >> > > > > > ------=_NextPart_000_0073_01C6DF6F.09123570 > Content-Type: text/html; charset=iso-8859-1 > Content-Transfer-Encoding: quoted-printable > X-Google-AttachSize: 5642 > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML><HEAD> > <META http-equiv=Content-Type content="text/html; charset=iso-8859-1"> > <META content="MSHTML 6.00.5296.0" name=GENERATOR> > <STYLE></STYLE> > </HEAD> > <BODY> > <DIV><FONT face=Arial size=2>You can even simplify the process a bit more. (I > recommend AGAINST using the RETURN value to return DATA to the application. It > 'should' be used as a status indicator, returning success or failure > codes.)</FONT></DIV> > <DIV><FONT face=Arial size=2></FONT> </DIV> > <DIV><FONT face=Arial size=2><FONT face="Courier New">CREATE PROCEDURE > dbo.LoginUser<BR> ( @UserName > varchar(50),<BR> @Password > varchar(50)</FONT></FONT></DIV> > <DIV><FONT face=Arial size=2><FONT face="Courier New"> > )<BR>AS<BR></FONT></FONT><FONT face=Arial size=2><FONT > face="Courier New"> DECLARE @ID int<BR><BR> SELECT > @ID = isnull( UserID , 0 )</FONT></FONT></DIV> > <DIV><FONT face=Arial size=2><FONT face="Courier New"> > FROM Users </FONT></FONT></DIV> > <DIV><FONT face=Arial size=2><FONT face="Courier New"> > WHERE ( UserName = > @UserName<BR> AND Password = > @Password</FONT></FONT></DIV> > <DIV><FONT face=Arial size=2><FONT > face="Courier New"> )<BR> </FONT></FONT></DIV> > <DIV><FONT face="Courier New" size=2> SELECT isnull( @id, 0 > )</FONT></DIV> > <DIV><FONT face=Arial size=2><FONT face="Courier New">GO</FONT></DIV> > <DIV><BR><BR><BR>-- <BR>Arnie Rowland, Ph.D.<BR>Westwood Consulting, > Inc</FONT></DIV> > <DIV><FONT face=Arial size=2></FONT> </DIV> > <DIV><FONT face=Arial size=2>Most good judgment comes from experience. <BR>Most > experience comes from bad judgment. <BR>- Anonymous</FONT></DIV> > <DIV><FONT face=Arial size=2></FONT> </DIV> > <DIV><FONT face=Arial size=2></FONT> </DIV> > <DIV><FONT face=Arial size=2>"Tom Cooper" <</FONT><A > href="mailto:tomcooper@comcast.no.spam.please.net"><FONT face=Arial > size=2>tomcooper@comcast.no.spam.please.net</FONT></A><FONT face=Arial > size=2>> wrote in message </FONT><A > href="news:nqGdnYZZv_86iovYnZ2dnUVZ_vidnZ2d@comcast.com"><FONT face=Arial > size=2>news:nqGdnYZZv_86iovYnZ2dnUVZ_vidnZ2d@comcast.com</FONT></A><FONT > face=Arial size=2>...</FONT></DIV><FONT face=Arial size=2>> Are you sure it's > returning zero. I would think it would return NULL. You <BR>> > can't use the query inside and IF EXISTS () to set a vairable in this way.
You can return data using either output parameters or result set. Arnie's
example used a SELECT statement to return the value in a result set so one method to retrieve that value is ExecuteScalar. Untested example: Dim id As Int32 = Convert.ToInt32(sqlCmd.ExecuteScalar()) The following untested example below uses an output parameter: CREATE PROCEDURE dbo.LoginUser @UserName varchar(50), @Password varchar(50), @ID int OUTPUT AS SET NOCOUNT ON SELECT @ID = UserID FROM dbo.Users WHERE UserName = @UserName AND Password = @Password GO With sqlCmd .Parameters.Add("@UserName", SqlDbType.VarChar, 50).Value = txtUserName.Text .Parameters.Add("@Password", SqlDbType.VarChar, 50).Value = txtPassword.Text .Parameters.Add("@ID", SqlDbType.Int, 4).Direction = ParameterDirection.Output End With sqlConn.Open() sqlCmd.ExecuteNonQuery() If (sqlCmd.Parameters("@ID").Value = DBNull.Value) Then Response.Write("Invalid User") End If -- Hope this helps. Dan Guzman SQL Server MVP [quoted text, click to view] "RON" <rn5a@rediffmail.com> wrote in message
news:1159102242.345508.46410@b28g2000cwb.googlegroups.com... > Arnie, since you recommend not to use RETURN values, how would I pass > the UserID of the user who has logged in using his UserName & Password, > to, say, an ASP.NET page? This is the ASP.NET code: > > Sub btnSubmit(ByVal obj As Object, ByVal ea As EventArgs) > Dim sqlCmd As SqlCommand > Dim sqlConn As SqlConnection > > sqlConn = New SqlConnection(".....") > sqlCmd = New SqlCommand("LoginUsers", sqlConn) > sqlCmd.CommandType = CommandType.StoredProcedure > > With sqlCmd > .Parameters.Add("@ID", SqlDbType.Int, 4).Direction = > ParameterDirection.ReturnValue > .Parameters.Add("@UserName", SqlDbType.VarChar, 50).Value = > txtUserName.Text > .Parameters.Add("@Password", SqlDbType.VarChar, 50).Value = > txtPassword.Text > End With > > sqlConn.Open() > sqlCmd.ExecuteNonQuery() > > If (sqlCmd.Parameters(0).Value = 0) Then > Response.Write("Invalid User") > End If > > sqlConn.Close() > End Sub > > If a user happens to be a valid user, then the return value will always > be greater than 0. Now since you recommend against using RETURN values, > how do I modify the stored procedure to use an OUTPUT parameter & then > call the stored procedure from the ASP.NET page so that the OUTPUT > parameter gives me the UserID of a valid user who has just logged in? > > Ron > > Arnie Rowland wrote: >> You can even simplify the process a bit more. (I recommend AGAINST using >> the RETURN value to return DATA to the application. It 'should' be used >> as a status indicator, returning success or failure codes.) >> >> CREATE PROCEDURE dbo.LoginUser >> ( @UserName varchar(50), >> @Password varchar(50) >> ) >> AS >> DECLARE @ID int >> >> SELECT @ID = isnull( UserID , 0 ) >> FROM Users >> WHERE ( UserName = @UserName >> AND Password = @Password >> ) >> >> SELECT isnull( @id, 0 ) >> GO >> >> >> >> -- >> Arnie Rowland, Ph.D. >> Westwood Consulting, Inc >> >> Most good judgment comes from experience. >> Most experience comes from bad judgment. >> - Anonymous >> >> >> "Tom Cooper" <tomcooper@comcast.no.spam.please.net> wrote in message >> news:nqGdnYZZv_86iovYnZ2dnUVZ_vidnZ2d@comcast.com... >> > Are you sure it's returning zero. I would think it would return NULL. >> > You >> > can't use the query inside and IF EXISTS () to set a vairable in this >> > way. >> > And you you don't need to. Just use a select to set @ID and then you >> > can >> > test @@ROWCOUNT to see if you found a row. If you didn't, set @ID to >> > 0, >> > something like: >> > >> > ALTER PROCEDURE dbo.LoginUser >> > @UserName varchar(50), >> > @Password varchar(50) >> > AS >> > DECLARE >> > @ID int >> > >> > SELECT @ID = UserID FROM Users WHERE UserName = @UserName >> > AND Password = @Password >> > IF @@ROWCOUNT = 0 >> > BEGIN >> > SET @ID = 0 >> > END >> > RETURN @ID >> > >> > "RON" <rn5a@rediffmail.com> wrote in message >> > news:1159071040.743797.140190@d34g2000cwd.googlegroups.com... >> >> Consider the following procedure that expects a username & password >> >> (the DB table named Users has 3 columns - UserID which is an IDENTITY >> >> column, UserName varchar(50) & Password varchar(50)): >> >> >> >> ALTER PROCEDURE dbo.LoginUser >> >> @UserName varchar(50), >> >> @Password varchar(50) >> >> AS >> >> DECLARE >> >> @ID int >> >> >> >> IF EXISTS(SELECT UserID = @ID FROM Users WHERE UserName = @UserName >> >> AND Password = @Password) >> >> BEGIN >> >> SET @ID = @ID >> >> END >> >> ELSE >> >> BEGIN >> >> SET @ID = 0 >> >> END >> >> RETURN @ID >> >> >> >> Now suppose one of the values under UserName & Password columns in the >> >> DB table named Users is "simon" & "nomis" respectively (both without >> >> the quotes). Assume that the UserID of this user is 6. Now when I >> >> execute the following query: >> >> >> >> EXEC LoginUser 'simon','nomis' >> >> >> >> then @ID always returns 0 where as it should return 6 in this case. >> >> What am I doing wrong? >> >> >> > >> > >> ------=_NextPart_000_0073_01C6DF6F.09123570 >> Content-Type: text/html; charset=iso-8859-1 >> Content-Transfer-Encoding: quoted-printable >> X-Google-AttachSize: 5642 >> >> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> >> <HTML><HEAD> >> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1"> >> <META content="MSHTML 6.00.5296.0" name=GENERATOR> >> <STYLE></STYLE> >> </HEAD> >> <BODY> >> <DIV><FONT face=Arial size=2>You can even simplify the process a bit >> more. (I >> recommend AGAINST using the RETURN value to return DATA to the >> application. It >> 'should' be used as a status indicator, returning success or failure >> codes.)</FONT></DIV> >> <DIV><FONT face=Arial size=2></FONT> </DIV> >> <DIV><FONT face=Arial size=2><FONT face="Courier New">CREATE PROCEDURE >> dbo.LoginUser<BR> ( @UserName >> varchar(50),<BR> @Password >> varchar(50)</FONT></FONT></DIV> >> <DIV><FONT face=Arial size=2><FONT face="Courier New"> >> )<BR>AS<BR></FONT></FONT><FONT face=Arial size=2><FONT >> face="Courier New"> DECLARE @ID int<BR><BR> >> SELECT >> @ID = isnull( UserID , 0 )</FONT></FONT></DIV> >> <DIV><FONT face=Arial size=2><FONT face="Courier New"> >> FROM Users </FONT></FONT></DIV> >> <DIV><FONT face=Arial size=2><FONT face="Courier New"> >> WHERE ( UserName = >> @UserName<BR> AND >> Password =
Don't see what you're looking for? Try a search.
|
January 2003
March 2003
April 2003
May 2003
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
April 2008
| home · blog · groups | Questions? Comments? Contact the dn |